* on the internal sticker located on the Ethernet jack (may have 12B042) ​

+

* ** DO NOT RELY ON THE VERSION GIVEN BY THE EXTERNAL STICKER ON CASE BOTTOM ** : it may report falsely "​1.6",​ even if the firmware is actually a V1.7

+

+

{{:​meta:​icons:​tango:​48px-dialog-warning.svg.png?​nolink}} **WARNING __If you have a V1.7 firmware, current OpenWrt trunk (r36641) will brick

+

your router, unless you have access to the serial console!__ **

+

+

Below is the version of the new bootloader (which disables the LAN port) of a version 1.7 hardware model (bought in December 2012). ​

+

<​code>​ ​

+

root@tpl2:​~#​ grep -a U-Boot /dev/mtd0ro | cut -d'​I'​ -f1

+

U-Boot 1.1.4 (Sep 25 2012 - 09:​04:​47) ​

+

</​code>​ ​

+

+

For more info visit this forum topic:​ ​

+

https://​forum.openwrt.org/​viewtopic.php?​id=40986

+

+

==== Power consumption ===

+

+

This router is standardly powered via USB at 5V. The voltage regulator inside is unknown, but its input voltage should be at least between 3.7V - 5.5V, but not over 5.5V. The device will get damaged at too high voltages*. Maximum current draw at 5V is 185mA (OpenWrt boot), average current draw with WiFi at 18dBm is 100mA, without WiFi 80mA. Hence the average router power consumption is 0.5W, which is incredibly low.

+

+

Power consumption will be higher if a USB device is attached to its USB port!

+

+

*Hint: If the router seems to be damaged because of a too high voltage, connect 3.3V _after_ the voltage regulator. This replaces the function of the damaged regulator, and the router works again.

+

Be sure to power 5 volts into the micro-usb port at the same time if you want to have the usb port on the device work.

+

More information and a rough diagram here [[http://​img513.imageshack.us/​img513/​4295/​saai.jpg]]

+

+

==== Serial console ====

+

+

The serial console connector does not utilise the regular TP-Link pinouts. Two pads labelled TP_OUT and TP_IN are the TX and RX signals. 115200 8n1

+

+

Note that the pads can very easily be lifted. ​ There is slightly more mechanical strength if you can solder to the surface-mount components to which the pads are connected--but this also takes care--your device could easily be destroyed. ​ Make sure that your connection is secured so that tension cannot be applied to the solder points when you connect to an external device.

To flash from the Chinese web interface, at the present time you would select the last menu item on the left, and then the third submenu item. This initiates a popup with two buttons--the upper right one allows you to browse to find the file you want to flash on your PC, the lower left one initiates the flash.

+

+

When you roll over an item on the Chinese web interface, the rollover text will indicate which item you are selecting.

+

+

==== Failsafe mode ====

+

+

When the configuration no longer allows you to log in via any network connection (e.g. lost password), the OpenWrt failsafe mode can be entered via the single "​Reset"​ button on the device. However, in contrast to the [[:​doc:​howto:​generic.failsafe|generic failsafe instructions]],​ for the TL-WR703N you have to wait for ca. 10 (10-12) seconds before pushing the "​Reset"​ button after powering on the device. If the button is pushed immediately after powering on, the single blue LED will start blinking, supposedly indicating some failsafe firmware recovery mody of the embedded bootloader (not yet discovered how to use it). In this mode, the OpenWrt failsafe is not being started. Instead, wait for slightly longer than 10 seconds and - as soon as the LED starts blinking for the first time after powering on the device, push the "​Reset"​ button for ca. 1-2 seconds. Immediately afterwards, the LED will blink rapidly (multiple Hz) and OpenWrt will be in [[:​doc:​howto:​generic.failsafe|failsafe mode]].\\

+

- The above didn't work on a Ver 1.6 box running OpenWRT r33312. To get into failsafe mode, power up the device and wait until the LED starts flashing (about 2Hz). Once it starts flashing (within about 4 seconds) then quickly press the button. The LED will then flash much faster and the device will be in failsafe mode.

The TL-WR703N has been [[http://​www.kean.com.au/​oshw/​WR703N/​teardown/​|teared down]] by Kean and almost completely [[http://​squonk42.github.com/​TL-WR703N/​|reverse-engineered]] by Squonk, including external layers layout and schematic.

+

+

==== AR9331 Pinout ====

+

+

{{:​media:​datasheets:​ar9331.pinout.bg.png?​direct&​300|}}

+

+

Check the details [[toh:​tp-link:​tl-wr703n:​ar9331_pinout|here]].

+

+

==== GPIOs ====

+

+

The AR933x platform provides 30 GPIOs. Some of them are used by the router for status LEDs, buttons and other stuff. The table below shows the results of investigations:​

The USB port on the WR703n is not compatible with USB1 devices (aka full speed) and only works properly with USB2 (aka high speed) devices. You can however plug a USB-Serial adapter as long as you plug that through a <$10 USB2. While you're at it, use another USB port to plug in a USB key and write data there (like serial console logs) so as not to wear out the built in flash.

+

+

See this page for more tips and how to create a serial console server out of your WR703n:

*[[http://​www.tl-wr703n.blogspot.com/​2012/​08/​tl-wr703n-poe-power-over-ethernet-rj45.html|POE (Power Over Ethernet) RJ45]] and on the [[https://​forum.openwrt.org/​viewtopic.php?​pid=176528#​p176528|forum]] and on [[http://​dev.wlan-si.net/​wiki/​Routers/​TP-LINK/​WR703N|wlan-si web site]]

+

*[[https://​forum.openwrt.org/​viewtopic.php?​pid=196884|POE and USB to serial mod]]

This project implements a webradio with cheep usb soundcard and a speaker of an old mobile phone within the casing of the router. There are two analogue controllers for selecting the stream and the volume. Therefor an attiny85 is connected to the uart.

+

+

[[http://​piie.net/​index.php?​section=tplink-radio|Building a tiny webradio with analog volume and tune controller]]

+

+

+

+

==== 64MB RAM Mod ====

+

The Device uses a DDR1 16Mbit x 16bit (16Mibit*16=256 mebibit. 256 mebibit/​8=32MiByte) 400MHz chip Zentel A3S56D40FTP. Replace it with any 32Mbit x 16bit chip. 333MHz instead of 400MHz also works fine. It's quite hard to find these chips. One of the ways to get them is to have a look at DDR SO-DIMM (because SO-DIMM modules are shipped with x16 chips). Since there are no 64Mbit x 16bit DDR1 Chips available -> no 128 MB mod!

+

+

The most easy approach is to seek for a 4-chip DDR 256 MB module. These all have x16 chips too. Chips only on one side (not to be confused with double-sided 256 MB modules with 4 chips on each side) and only 4 of them - that's the best chance to get some. They represent a small percent among usual 8-chip modules but this is equalized with the amount and "cheap as dirt" price of such DDR 256 MB modules.

Once plugged into a target network, the Mini-Pwner can establish an SSH tunnel through the target network, or can be accessed by wifi. In addition, the MiniPwner can be configured as a wifi sniffer and logger - wardriving in your pocket.

+

+

Low power consumption,​ can be run off battery.

+

With the 1700 mAh battery included in the kit, the Mini-Pwner will run for over five hours of active wired and wireless activity. No need to find a power outlet during the pen test.

+

+

Multiple Pen Testing Tools included

+

tcpdump, nmap, kismet, all come pre-installed

+

+

Flexible and Expandable

+

The MiniPwner runs on the open source OpenWrt operating system. You can easily add or change the installed packages.

+

+

Small size

+

The MiniPwner can be easily carried in a pocket, hidden behind a telephone, or hang from a jack by a short ethernet cable.

+

+

{{:​media:​tplink:​tl-wr703n:​tl-wr703n_mintyopen.jpg?​direct&​300|}}

+

+

There are many other creative ways to use the MiniPwner. Here is a list of some of the software that comes installed:

+

* Nmap network scanner

+

* Tcpdump sniffer

+

* Netcat Hacker’s swiss army knife

+

* aircrack Wireless network analysis

+

* kismet Wireless network analysis

+

* perl Perl Scripting Language

+

* openvpn VPN Client and Server

+

* dsniff suite of sniffing and spoofing tools, including arpspoof

+

* nbtscan NetBIOS Network Scanner

+

* snort Sniffer, Packet Logger, Intrusion Detection System

+

* karma Wireless Sniffing Tool - not working yet....

+

* samba2-client Windows File Sharing Client

+

* elinks Text Based Web Browser

+

* yafc FTP Client

+

* openssh-sftp-client Secure File Transfer Client

+

+

+

Web - [[http://​www.minipwner.com/​]]

+

+

==== WR703N Expander board and case ====

+

+

{{media:​tplink:​tl-wr703n:​tl-wr703n_expander_v1.png?​direct&​300|}}

+

+

Kean Electronics in conjunction with the Sydney Hackerspace has developed WR703N Expander board as Open Hardware, all schematics are available online on their website - [[http://​www.kean.com.au/​oshw/​WR703N/​]]